November 23, 2010

Subscribe

iOS 4.2.1 Released with Free “Find My iPhone”

Apple has finally released the highly-anticipated iOS 4.2 (actual version is 4.2.1), bringing support for the iPad along with several other feature including AirPlay and AirPrint.

Along with this release, Apple has made the “Find My iPhone” functionality in MobileMe free to all iPhone, iPad and iPod Touch device owners. This service uses a combination of GPS, cell tower and wifi-network triangulation to obtain the location of the device, which can then be mapped. It also allows you to send messages, lock or completely wipe the remote device. To use this feature, you’ll need add a MobileMe account using your iTunes Apple ID by going to Settings > Mail, Contacts, Calendars > Add account. You can then track your device using the Find My iPhone app available in iTunes, or using the MobileMe web interface.

Users concerned about the privacy implications of this feature can easily disable it by going to Settings > Mail, Contacts, Calendar > Select your MobileMe account > Set ‘Find My iPhone’ to Off. Have a look at Apple’s KnowledgeBase article for more info on this feature.

iOS 4.2

Configuration ProfilesCVE-ID: CVE-2010-3827Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: A user may be misled into installing a maliciously crafted configuration profileDescription: A signature validation issue exists in the handling of configuration profiles. A maliciously crafted configuration profile may appear to have a valid signature in the configuration installation utility. This issue is addressed through improved validation of profile signatures. Credit to Barry Simpson of Bomgar Corporation for reporting this issue.

CoreGraphicsCVE-ID: CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Multiple vulnerabilities in FreeType 2.4.1Description: Multiple vulnerabilities exist in FreeType 2.4.1, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/

iAd Content DisplayCVE-ID: CVE-2010-3828Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: An attacker in a privileged network position may be able to cause a call to be initiatedDescription: A URL handling issue exists in iAd Content Display. An iAd is requested by an application, either automatically or through explicit user action. By injecting the contents of a requested ad with a link containing a URL scheme used to initiate a call, an attacker in a privileged network position may be able to cause a call to occur. This issue is addressed by ensuring that the user is prompted before a call is initiated from a link. Credit to Aaron Sigel of vtty.com for reporting this issue.

ImageIOCVE-ID: CVE-2010-2249, CVE-2010-1205Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Multiple vulnerabilities in libpngDescription: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html

libxmlCVE-ID: CVE-2010-4008Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A memory corruption issue exists in libxml’s xpath handling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of xpaths. Credit to Bui Quang Minh from Bkis (www.bkis.com) for reporting this issue.

MailCVE-ID: CVE-2010-3829Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Mail may resolve DNS names when remote image loading is disabledDescription: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the prefetch even if remote image loading is disabled. This may result in undesired requests to remote servers. The sender of an HTML-formatted email message could use this to determine whether the message was viewed. This issue is addressed by disabling DNS prefetching when remote image loading is disabled. Credit to Mike Cardwell of Cardwell IT Ltd. for reporting this issue.

NetworkingCVE-ID: CVE-2010-1843Available for: iOS 4.0 through 4.1 for iPhone 3GS and later, iOS 4.0 through 4.1 for iPod touch (3rd generation), iOS 3.2 through 3.2.2 for iPadImpact: A remote attacker may cause an unexpected system shutdownDescription: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue. This issue does not affect devices running iOS versions prior to 3.2.

NetworkingCVE-ID: CVE-2010-3830Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Malicious code may gain system privilegesDescription: An invalid pointer reference exists in Networking when handling packet filter rules. This may allow malicious code running in the user’s session to gain system privileges. This issue is addressed through improved handling of packet filter rules.

OfficeImportCVE-ID: CVE-2010-3786Available for: iOS 3.2 through 3.2.2 for iPadImpact: Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code executionDescription: A memory corruption issue exists in OfficeImport’s handling of Excel files. Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue was addressed on iPhones in iOS 4. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.

PhotosCVE-ID: CVE-2010-3831Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: “Send to MobileMe” may result in the disclosure of the MobileMe account passwordDescription: The Photos application allows users to share their pictures and movies through various means. One way is the “Send to MobileMe” button, which uploads the selected contents to the user’s MobileMe Gallery. The Photos application will use HTTP Basic authentication if no other authentication mechanism is presented as available by the server. An attacker with a privileged network position may manipulate the response of the MobileMe Gallery to request basic authentication, resulting in the disclosure of the MobileMe account password. This issue is addressed by disabling support for Basic authentication. Credit to Credit to Aaron Sigel of vtty.com for reporting this issue.

SafariCVE-ID: CVE-2009-1707Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: “Reset Safari” may not immediately remove website passwords from memoryDescription: After clicking the “Reset” button for “Reset saved names and passwords” in the “Reset Safari…” menu option, Safari may take up to 30 seconds to clear the passwords. A user with access to the device in that time window may be able to access the stored credentials. This issue is addressed by resolving the race condition that led to the delay. Credit to Philippe Couturier of izypage.com, and Andrew Wellington of The Australian National University for reporting this issue.

TelephonyCVE-ID: CVE-2010-3832Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 3.2 through 3.2.2 for iPadImpact: A remote attacker may be able to cause arbitrary code executionDescription: A heap buffer overflow exists in the handling of Temporary Mobile Subscriber Identity (TMSI) fields in GSM mobility management. This may allow a remote attacker to cause arbitrary code execution on the baseband processor. This issue is addressed through improved bounds checking. Credit to Ralf-Philipp Weinmann of the University of Luxembourg for reporting this issue.

WebKitCVE-ID: CVE-2010-3803Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An integer overflow exists in WebKit’s handling of strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 for reporting this issue.

WebKitCVE-ID: CVE-2010-3824Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A use after free issue exists in WebKit’s handling “use” elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to wushi of team509 for reporting this issue.

WebKitCVE-ID: CVE-2010-3816Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A use after free issue exists in WebKit’s handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Rohit Makasana of Google Inc. for reporting this issue.

WebKitCVE-ID: CVE-2010-3809Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An invalid cast issue exists in WebKit’s handling of inline styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of inline styling. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

WebKitCVE-ID: CVE-2010-3810Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the historyDescription: A cross-origin issue exists in WebKit’s handling of the History object. A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history. This issue is addressed through improved tracking of security origins. Credit to Mike Taylor of Opera Software for reporting this issue.

WebKitCVE-ID: CVE-2010-3805Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An integer underflow exists in WebKit’s handling of WebSockets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Keith Campbell, and Cris Neckar of Google Chrome Security Team for reporting this issue.

WebKitCVE-ID: CVE-2010-3823Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A use after free issue exists in WebKit’s handling of Geolocation objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to kuzzcc for reporting this issue.

WebKitCVE-ID: CVE-2010-3116Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: Multiple use after free issues exist in WebKit’s handling of plug-ins. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory handling.

WebKitCVE-ID: CVE-2010-3812Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An integer overflow exists in WebKit’s handling of Text objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 working with TippingPoint’s Zero Day Initiative for reporting this issue.

WebKitCVE-ID: CVE-2010-3808Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An invalid cast issue exists in WebKit’s handling of editing commands. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editing commands. Credit to wushi of team509 for reporting this issue.

WebKitCVE-ID: CVE-2010-3259Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a malicious website may lead to the disclosure of image data from another websiteDescription: A cross-origin issue exists in WebKit’s handling of images created from “canvas” elements. Visiting a malicious website may lead to the disclosure of image data from another website. This issue is addressed through improved tracking of security origins. Credit to Isaac Dawson, and James Qiu of Microsoft and Microsoft Vulnerability Research (MSVR) for reporting this issue.

WebKitCVE-ID: CVE-2010-1822Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An invalid cast issue exists in WebKit’s handling of SVG elements in non-SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of SVG elements. Credit to wushi of team509 for reporting this issue.

WebKitCVE-ID: CVE-2010-3811Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A use after free issue exists in WebKit’s handling of element attributes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Michal Zalewski for reporting this issue.

WebKitCVE-ID: CVE-2010-3817Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An invalid cast issue exists in WebKit’s handling of CSS 3D transforms. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS 3D transforms. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

WebKitCVE-ID: CVE-2010-3818Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A use after free issue exists in WebKit’s handling of inline text boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

WebKitCVE-ID: CVE-2010-3819Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An invalid cast issue exists in WebKit’s handling of CSS boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS boxes. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

WebKitCVE-ID: CVE-2010-3820Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An uninitialized memory access issue exists in WebKit’s handling of editable elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editable elements. Credit: Apple.

WebKitCVE-ID: CVE-2010-1789Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A heap buffer overflow exists in WebKit’s handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.

WebKitCVE-ID: CVE-2010-1806Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A use after free issue exists in WebKit’s handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of object pointers. Credit to wushi of team509, working with TippingPoint’s Zero Day Initiative for reporting this issue.

WebKitCVE-ID: CVE-2010-3257Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A use after free issue exists in WebKit’s handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to VUPEN Vulnerability Research Team for reporting this issue.

WebKitCVE-ID: CVE-2010-3826Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An invalid cast issue exists in WebKit’s handling of colors in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of colors in SVG documents. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

WebKitCVE-ID: CVE-2010-1807Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An input validation issue exists in WebKit’s handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of floating point values. Credit to Luke Wagner of Mozilla for reporting this issue.

WebKitCVE-ID: CVE-2010-3821Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: A memory corruption issue exists in WebKit’s handling of the ‘:first-letter’ pseudo-element in cascading stylesheets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the ‘:first-letter’ pseudo-element. Credit to Cris Neckar and Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

WebKitCVE-ID: CVE-2010-3804Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Websites may surreptitiously track usersDescription: Safari generates random numbers for JavaScript applications using a predictable algorithm. This may allow a website to track a particular Safari session without using cookies, hidden form elements, IP addresses, or other techniques. This update addresses the issue by using a stronger random number generator. Credit to Amit Klein of Trusteer for reporting this issue.

WebKitCVE-ID: CVE-2010-3813Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: WebKit may perform DNS prefetching even when it is disabledDescription: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the operation even if prefetching is disabled. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed trough improved handling of DNS prefetching requests. Credit to Jeff Johnson of Rogue Amoeba Software for reporting this issue.

WebKitCVE-ID: CVE-2010-3822Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An uninitialized pointer issue exists in WebKit’s handling of CSS counter styles. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS counter styles. Credit to kuzzcc for reporting this issue.

WebKitAvailable for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPadImpact: A maliciously crafted website may be able to determine which sites a user has visitedDescription: A design issue exists in WebKit’s handling of the CSS :visited pseudo-class. A maliciously crafted website may be able to determine which sites a user has visited. This update limits the ability of web pages to style pages based on whether links are visited.